b'Final Audit Report, \xe2\x80\x9cNASA\xe2\x80\x99s Implementation of the Privacy Provisions of the Electronic\nGovernment Act\xe2\x80\x9d (Report No. IG-07-024; Assignment No. A-06-005-00)\n\n\nOn August 28, 2007, we issued the final report on our review of NASA\xe2\x80\x99s implementation\nof Privacy Provisions of the Electronic Government Act of 2002 (E-Government Act).\nTo determine NASA\xe2\x80\x99s compliance with the E-Government Act Privacy Provisions, we\nfocused on determining whether (1) NASA conducted privacy impact assessments (PIAs)\nfor electronic information systems and collections and made the PIAs publicly available,\n(2) posted privacy policies on the Agency\xe2\x80\x99s publicly accessible Web sites, and\n(3) translated privacy policies into a standardized machine-readable format. We found\nthat NASA was in partial compliance with OMB guidance in that NASA had conducted\nPIAs for electronic information systems and collections and made PIAs publicly\navailable on its Web site. However, privacy policies were not posted on 20 percent of\nNASA\xe2\x80\x99s publicly accessible Web sites and not translated into a standardized machine-\nreadable format on 75 percent of those sites. As a result, NASA could not be assured that\nprivacy risks had been appropriately assessed by Web site officials, and users accessing\nthose sites may not have received sufficient information to make informed decisions\nabout whether to interact with the site. NASA has taken corrective actions or plans to\ntake corrective actions to achieve full compliance with the Privacy Provisions of the\nE-Government Act.\n\nWe recommended that the Agency ensure compliance with the Privacy Provisions\nby annually reviewing the Agency\xe2\x80\x99s publicly accessible Web sites to ensure sites are\ncurrent and in compliance with existing requirements and by developing and reporting a\ntimetable for translating privacy policies into a standardized machine-readable format.\nManagement\xe2\x80\x99s comments were responsive. We will close the two recommendations\nupon completion and verification of management\xe2\x80\x99s corrective action.\n\n\n\nThe memorandum contains NASA Information Technology/Internal Systems Data that is\nnot routinely released under the Freedom of Information Act (FOIA). To submit a FOIA\nrequest, see the online guide.\n\x0c'